Key Facts

Remote From:

Florida (USA)

Full time

Senior (5-10 years)

English

Hard Skills

Other Skills

•
Distributed Team Management
•
Decision Making
•
Non-Verbal Communication
•
Team Leadership
•
Leadership
•
Coaching

Roles & Responsibilities

8+ years in cybersecurity with 3+ years leading incident response and/or threat intelligence teams in large enterprises.
Proven experience managing globally distributed teams and leading major cyber incidents.
Strong hands-on understanding of DFIR, threat intelligence, and threat hunting processes, with experience using a wide range of enterprise security tooling.
Exceptional written and verbal communication skills, including executive-level briefings and collaboration with Legal, Privacy, and Compliance.

Requirements:

Lead and develop a globally distributed, follow-the-sun team across threat intelligence, digital forensics, incident response, and threat hunting; maintain operating models, on-call rotations, escalation paths, and coverage.
Own enterprise incident response strategy, playbooks, and readiness activities aligned to NIST and industry best practices; serve as Incident Commander for high-severity incidents; coordinate technical response and executive communications; ensure containment, eradication, recovery, and post-incident remediation.
Oversee forensic acquisition and analysis across endpoints, cloud, identity, SaaS, and network environments; maintain defensible chain-of-custody and support legal, HR, privacy, and regulatory investigations; uphold enterprise DFIR standards.
Lead strategic, operational, and tactical threat intelligence capabilities to inform detection, response, and risk prioritization; translate intelligence into actionable outcomes; integrate internal telemetry with external sources; drive threat hunting; sponsor purple-team exercises.

Fidelity National Financial

Financial Services

About Fidelity National Financial

Fidelity National Financial, Inc. (NYSE: FNF) is a leading provider of title insurance and transaction services to the real estate and mortgage industries. Ranked #238 on the FORTUNE 500(r) list for 2022, FNF is the nation's largest title insurance company through our title insurance underwriters (Fidelity National Title, Chicago Title, Commonwealth Land Title, Alamo Title and National Title Insurance of New York) that collectively issue more title insurance policies than any other title company in the United States. Our mission is to advance, expand, and protect the experience of property ownership by making the safety of our customers our primary focus. We pride ourselves on being extremely customer-oriented, motivated, and quick to provide solutions for all of your title insurance needs. We strongly encourage employee ownership of company stock so our FNF family can share in our company’s continuous growth and be a valuable part of something bigger than themselves.

Company type: XLarge

Industry: Financial Services

Founded: 2018

Company size: 10001

Website LinkedIn See all jobs →

Job description

Overview:

POSITION OVERVIEW

The Incident Response & Threat Intelligence (IR/TI) Manager leads a globally distributed cyber defense team responsible for threat intelligence, incident response, digital forensics, and threat hunting across a large, complex enterprise environment. This role ensures the organization can rapidly detect, respond to, investigate, and learn from cyber threats while enabling executive‑level decision‑making during high‑impact incidents.

The position partners closely with the SOC, Security Engineering, Privacy, Legal, Compliance, Technology, and Executive Leadership to reduce business risk and maintain cyber resilience at Fortune 500 scale.

LOCATION

Jacksonville, FL preferred or 100% remote if not local.
Global on‑call responsibility for high‑severity incidents.
Limited travel for incident support, leadership meetings, and readiness exercises if not local to Jacksonville, FL

DUTIES & RESPONSIBILITIES

Global Team Leadership

Lead and continue to develop a geographically dispersed, follow‑the‑sun team across threat intelligence, digital forensics incident response, and threat hunting functions.
Maintain operating models, on‑call rotations, escalation paths, and coverage aligned to global business needs.
Coach senior analysts, build succession plans, and drive consistent performance, engagement, and retention.

Incident Response

Own enterprise incident response strategy, playbooks, and readiness activities, aligned to NIST and industry best practices.
Serve as Incident Commander for high‑severity cyber incidents; coordinate technical response, executive communications, and cross‑functional decision‑making.
Ensure effective containment, eradication, recovery, and post‑incident remediation, including executive‑level readouts and lessons learned.

Digital Forensics & Investigations

Oversee forensic acquisition and analysis across endpoints, cloud, identity, SaaS, and network environments.
Ensure defensible chain‑of‑custody processes and support legal, HR, privacy, and regulatory investigations as required.
Maintain enterprise DFIR standards, tooling, and investigative quality.

Threat Intelligence

Lead strategic, operational, and tactical threat intelligence capabilities to inform detection, response, and risk prioritization.
Translate intelligence into actionable outcomes, including detection engineering, threat hunting focus areas, and executive briefings.
Integrate internal telemetry with external intelligence sources and trusted sharing communities.

Threat Hunting & Detection Enablement

Drive hypothesis‑based threat hunting aligned to adversary behaviors and business‑critical risks.
Partner with SOC and Detection Engineering teams to improve detection coverage, fidelity, and response speed.
Sponsor purple team exercises to validate controls and surface gaps.

Technology & Automation

Own the roadmap and effectiveness of DFIR, TI, and threat hunting tooling (e.g. TIP and forensics platforms).
Increase automation and orchestration to accelerate investigation and response at enterprise scale.
Collaborate with security engineering teams to embed intelligence‑led security improvements.

Governance, Risk, & Executive Reporting

Ensure alignment with regulatory, legal, and internal governance requirements globally.
Define, track, and report KPIs and KRIs (e.g., incident trends and threat hunting / intelligence reports) to executive and board‑level audiences.
Translate technical risk into clear business impact and investment guidance.

MINIMUM REQUIREMENTS

8+ years in cybersecurity with 3+ years leading incident response and/or threat intelligence teams in large enterprises.
Proven experience managing globally distributed teams and leading major cyber incidents.
Strong hands‑on understanding of DFIR, threat intelligence, and threat hunting processes.
Experience with a wide breadth of enterprise security tooling.
Experience working cross‑functionally with Legal, Privacy, Compliance, and Executive Leadership.
Exceptional written and verbal communication skills, including executive‑level briefings.

PREFERRED EXPERIENCE